US20020004904A1 - Cryptographic data processing systems, computer program products, and methods of operating same in which multiple cryptographic execution units execute commands from a host processor in parallel - Google Patents
Cryptographic data processing systems, computer program products, and methods of operating same in which multiple cryptographic execution units execute commands from a host processor in parallel Download PDFInfo
- Publication number
- US20020004904A1 US20020004904A1 US09/852,937 US85293701A US2002004904A1 US 20020004904 A1 US20020004904 A1 US 20020004904A1 US 85293701 A US85293701 A US 85293701A US 2002004904 A1 US2002004904 A1 US 2002004904A1
- Authority
- US
- United States
- Prior art keywords
- local memory
- cryptographic
- command
- host processor
- processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000012545 processing Methods 0.000 title claims abstract description 53
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000004590 computer program Methods 0.000 title claims abstract description 35
- 230000006870 function Effects 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 15
- 230000003993 interaction Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000012360 testing method Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline, look ahead
- G06F9/3877—Concurrent instruction execution, e.g. pipeline, look ahead using a slave processor, e.g. coprocessor
- G06F9/3879—Concurrent instruction execution, e.g. pipeline, look ahead using a slave processor, e.g. coprocessor for non-native instruction execution, e.g. executing a command; for Java instruction set
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/728—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic using Montgomery reduction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
Definitions
- the present invention relates generally to the field of data processing systems, and, more particularly, to cryptographic data processing systems, computer program products, and methods of operating same.
- conventional cryptographic data processing systems generally use two main methods for issuing a command to a cryptographic accelerator:
- the first method involves the provision of a command register on the cryptographic accelerator that a host processor uses to issue a single command. Once the cryptographic accelerator completes executing a command, the host processor may issue a new command. After completing a command, the cryptographic accelerator is generally idle until the host processor issues a new command. Unfortunately, the host processor may spend much time interacting directly with the cryptographic accelerator to download data and issue commands. This may reduce the amount of time available to the host processor for attending to other tasks.
- the second method allows the host processor to download one or more command sequences to the cryptographic accelerator and then to instruct the cryptographic accelerator to execute one or more of the downloaded command sequences.
- the cryptographic accelerator is generally idle until the host processor issues a new command.
- the size of the command sequences may be limited based on the amount of memory that may be placed on the cryptographic accelerator.
- the host processor may spend much time interacting directly with the cryptographic accelerator to download data and issue command sequences. This may reduce the amount of time available to the host processor for attending to other tasks.
- the size of the operands will always be less than or equal to the register size. As a result, some of the memory in the registers may be wasted. This reduces the number of operands that may be stored on a chip in a given amount of space.
- the cryptographic accelerator is redesigned to accommodate larger operands, then each of the registers may need to be modified. More registers may be designed into a cryptographic accelerator; however, adding more memory to a cryptographic accelerator may reduce the amount of other functionality that may be included and/or increase the cost.
- Cryptographic processors and/or other types of signal processors and integrated circuits may use a hardware-based random number generator.
- Various conventional methods may be used to retrieve random numbers from an integrated circuit incorporating a random number generator.
- One method is for the random number generator to provide one or more data registers that a host processor may read to obtain random numbers.
- the host processor may tell the random number generator to provide more random data before or after retrieving random data from the registers.
- the random number generator may generate the random data in the background so that random data may be available when needed by the host processor.
- Another method for obtaining random data is for the host processor to request a block of random data from the random number generator.
- the host processor may provide the random number generator with a request that specifies an amount of random data and a location in memory where the random data should be placed.
- the random number generator may then generate the random data and transfer the random data to the requested location in the background.
- any buffer management that may be desired is generally performed by the host processor.
- the bus that connects the host processor with the random number generator may be used inefficiently because single data reads are typically used instead of block reads. If a host processor requests a block of random data, however, then the host processor may initiate the data transfers and any desired buffer-management that may be desired is generally performed by the host processor. The foregoing operations may be performed in the background and/or a fast host processor may be used; however, a faster host processor may increase system costs.
- Embodiments of the present invention provide cryptographic data processing systems, computer program products, and methods of operating same.
- cryptographic data processing systems comprise a host processor, a system memory coupled to the host processor, and a cryptographic processor integrated circuit that comprises a local memory.
- One or more operands are downloaded into the local memory from the system memory and the cryptographic processor executes an instruction that references one of the downloaded operands using a first relative position in the local memory.
- a result is generated based on the operand referenced when executing the instruction and this result is stored at a second relative position in the local memory.
- the first and second relative positions may comprise first and second offsets from a base address in the local memory.
- operands and results may be packed together in the local memory, which may conserve storage space.
- the performance of cryptographic data processing systems may be improved by providing separate command interfaces that are respectively associated with execution units in the cryptographic processor.
- a plurality of execution units may be provided in the cryptographic processor.
- Commands blocks may be respectively provided to the execution units and these command blocks may be executed simultaneously by the plurality of execution units.
- FIG. 1 is a block diagram that illustrates cryptographic data processing systems, computer program products, and methods of operating same in accordance with embodiments of the present invention
- FIG. 2 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with embodiments of the present invention
- FIGS. 3 - 5 are block diagrams that illustrate functional execution units of a cryptographic accelerator processor in accordance with embodiments of the present invention.
- FIG. 6 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention.
- FIGS. 7 - 8 are block diagrams that illustrate an encryption/authentication command queue and a public key command queue, respectively, in accordance with embodiments of the present invention.
- FIGS. 9 - 11 are flowcharts that illustrate operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention.
- FIGS. 12 A- 12 D are block diagrams that illustrate command blocks in accordance with embodiments of the present invention.
- FIG. 13 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention.
- FIGS. 14A, 14B, and 15 are block diagrams that illustrate command blocks in accordance with further embodiments of the present invention.
- FIGS. 16 and 17 are flowcharts that illustrate operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention.
- FIG. 18 is a block diagram that illustrates a random number generator data queue in accordance with embodiments of the present invention.
- FIG. 19 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention.
- FIG. 20 is a block diagram that illustrates a command interface for a conventional application specific integrated circuit
- FIG. 21 is a block diagram that illustrates parallel command interfaces for an application specific integrated circuit in accordance with embodiments of the present invention.
- FIG. 22 is a block diagram of a cryptographic accelerator processor in which command interface managers are respectively associated with functional execution units in accordance with embodiments of the present invention.
- FIG. 23 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention.
- the present invention may be embodied as methods, data processing systems, and/or computer program products. Accordingly, the present invention may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). Furthermore, the present invention may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system.
- a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
- the computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a nonexhaustive list) of the computer-readable medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM).
- RAM random access memory
- ROM read-only memory
- EPROM or Flash memory erasable programmable read-only memory
- CD-ROM portable compact disc read-only memory
- the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
- an exemplary cryptographic data processing system 12 comprises a cryptographic accelerator processor 14 , a host processor 16 , a cache memory 18 , a system memory 22 , and a system bus controller 24 , such as a north-bridge system controller.
- the system bus controller 24 couples the host processor 16 to the cache memory 18 and the system memory 22 , and also couples the host processor 16 and the system memory 22 to the cryptographic accelerator processor 14 via a system bus 26 , which may be, for example, a peripheral component interconnect (PCI) bus.
- PCI peripheral component interconnect
- the host processor 16 may be, for example, a commercially available or custom microprocessor.
- the system memory 22 is representative of an overall hierarchy of memory devices containing the software and data used to implement the functionality of the cryptographic data processing system 12 .
- the system memory 22 may include, but is not limited to, the following types of devices: ROM, PROM, EPROM, EEPROM, flash, SRAM, and DRAM.
- the cryptographic accelerator processor 14 comprises a random number generator (RNG) execution unit 28 , an encryption/authentication (E/A) execution unit 32 , and a public key (PK) engine execution unit 34 , which are coupled to a local memory 36 via a local bus 38 .
- the system memory 22 contains a random number (RN) data queue 42 , an E/A command queue 44 , a PK command queue 46 , and data buffer(s) 47 .
- FIG. 1 illustrates an exemplary cryptographic data processing system architecture
- the present invention is not limited to such a configuration, but is intended to encompass any configuration capable of carrying out operations described herein.
- Computer program code for carrying out operations of embodiments of the cryptographic data processing system 12 may be written in a high-level programming language, such as C or C++, for development convenience. Nevertheless, some modules or routines may be written in assembly language or even micro-code to enhance performance and/or memory usage. It will be further appreciated that the functionality of any or all of the program modules may also be implemented using discrete hardware components, a single application specific integrated circuit (ASIC), or a programmed digital signal processor or microcontroller.
- ASIC application specific integrated circuit
- These computer program instructions may also be stored in a computer usable or computer-readable memory that may direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instructions that implement the function/act specified in the flowchart and/or block diagram block or blocks.
- the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- the host processor 16 loads a command block into one of the command queues 44 and 46 at block 52 .
- the cryptographic accelerator processor 14 may be notified by the host processor 16 that the command block is available for processing or may periodically access the command queues 44 , and/or 46 to determine if a command block is available for processing.
- the cryptographic accelerator processor 14 downloads the command block from one of the command queues 44 and 46 and executes the command block at block 54 .
- the host processor 16 is notified at block 56 .
- the host processor 16 need not spend time interacting directly with the cryptographic accelerator processor 14 (e.g., issuing a command to the cryptographic accelerator processor 14 , waiting for that command to complete, and then issuing another command). Instead, the host processor 16 may load commands into command queues 44 and 46 , which may then be processed in background by the cryptographic accelerator processor 14 . Moreover, the size and number of command block sequences may be less constrained because the availability of system memory is generally more abundant.
- the RNG execution unit 28 , the E/A execution unit 32 , and the PK engine execution unit 34 may use various registers that facilitate communication with the RN data queue 42 and the command queues 44 and 46 .
- a control/status register 62 , a RN data queue base address register 64 , a RN data queue size register 66 , and a RN data queue pointer register 68 may be defined for use by the RNG execution unit 28 .
- the control/status register 62 may include a self-test error field, which may be set if the RNG execution unit 28 generates two successive random number samples that are the same, and/or an error flag field, which may be used to notify the host processor 16 of an error on the system bus 26 .
- the RN data queue base address register 64 may be used to hold the base address of the RN data queue 42 in the system memory 22 . If the RN data queue 42 does not have a fixed size, then the RN data queue size register 66 may be used to hold the size of the RN data queue 42 .
- the RN data queue pointer register 68 may comprise a read pointer 72 portion and a write pointer 74 portion, which may be used by the RNG execution unit 28 and the host processor 16 as will be discussed in more detail hereinafter.
- a control/status register 82 may be defined for use by the E/A execution unit 32 .
- the control/status register 82 may include an interrupt flag field, which may be set if the host processor 16 requests an interrupt upon completion of a command block and/or if execution of a command block fails and/or an error flag field, which may be used to notify the host processor 16 of an error on the system bus 26 .
- the E/A command queue base address register 84 may be used to hold the base address of the E/A command queue 44 in the system memory 22 .
- the E/A command queue size register 86 may be used to hold the size of the E/A command queue 44 .
- the E/A command queue pointer register 88 may comprise a read pointer 92 portion and a write pointer 94 portion, which may be used by the E/A execution unit 32 and the host processor 16 , respectively, as will be discussed in more detail hereinafter.
- a control/status register 102 may be defined for use by the PK engine execution unit 34 .
- the control/status register 102 may include an interrupt flag field, which may be set if the host processor 16 requests an interrupt upon completion of a command block and/or if execution of a command block fails and/or an error flag field, which may be used to notify the host processor 16 of an error on the system bus 26 .
- the PK command queue base address register 104 may be used to hold the base address of the PK command queue 46 in the system memory 22 .
- the PK command queue size register 106 may be used to hold the size of the PK command queue 46 .
- the PK command queue pointer register 108 may comprise a read pointer 112 portion and a write pointer 114 portion, which may be used by the PK engine execution unit 34 and the host processor 16 , respectively, as will be discussed in more detail hereinafter.
- the host processor 16 writes commands into the command queues 44 and 46 beginning at write address locations stored in the write pointers for the respective command queues (e.g., write pointers 94 and 114 ). Before writing a command block into a command queue, however, the host processor determines at block 122 whether the write address plus the command block size equals the read address stored in the corresponding read pointer 92 or 112 .
- the host processor 16 postpones loading a new command block into the command queue until the cryptographic accelerator processor 14 has incremented the read address. If, however, the result determined at block 122 is “No,” then the host processor 16 loads a command block into the command queue at block 124 at the write address associated with the command queue and then increments the write address at block 126 by an amount corresponding to the size of the loaded command block.
- the host processor 16 need not check the current read address every time a new command block is loaded. Instead, the host processor 16 may check the read address when the write address is getting close to the last value the host processor 16 has for the read address. Checking the read address may be expensive in terms of processor cycles consumed. By checking the read address only when the read address is getting close to the write address (e.g., within a predefined threshold), host processor 16 cycles may be conserved.
- FIGS. 7 and 8 show embodiments of the E/A command queue 44 and the PK command queue 46 , respectively.
- both the E/A command queue 44 and the PK command queue 46 are configured to hold m command blocks, which each comprise eight, thirty-two bit words.
- the host processor 16 has written a single command block into the first command block position (i.e., the “0” position) and the write address has been incremented to point to the next empty command block slot.
- the addresses used in FIGS. 7 and 8 are based on command block slot numbers for purposes of illustration.
- These addresses may be converted into absolute addresses by multiplying the command block slot number by 256 and adding the resulting product to the respective base addresses for the command queues, which are stored in the E/A command queue base address register 84 and the PK command queue base address register 104 , respectively.
- the test used at block 122 of FIG. 6 to determine whether a new command block may be loaded into a command queue implies that if a command queue may hold up to m command blocks, then only m ⁇ 1 command blocks may be stored in the command queue at the same time.
- the cryptographic accelerator processor 14 determines whether the write address is equal to the read address. Specifically, the E/A execution unit 32 determines whether the write address is equal to the read address for the E/A command queue 44 and the PK engine execution unit 34 determines whether the write address is equal to the read address for the PK command queue 46 . If the result determined at block 132 is “Yes,” then the cryptographic processor 14 waits until the host processor 16 loads a new command block into the command queue.
- the cryptographic accelerator processor 14 downloads the command block at the read address associated with the command queue and executes the command block at block 134 .
- multiple command blocks may be downloaded for execution on the cryptographic accelerator processor 14 at the same time, which may further improve performance.
- the cryptographic accelerator processor 14 then increments the read address at block 136 by an amount corresponding to the size of the executed command block.
- the read addresses are set to point to the first command block slot, which has been loaded with a command block by the host processor 16 .
- the E/A execution unit 32 and the PK engine execution unit 34 may read the command blocks loaded in the E/A command queue 44 and the PK command queue 46 , respectively, with only minimal interaction with the host processor 16 , e.g., maintenance of the read pointers 92 and 112 , and the write pointers 94 , and 114 .
- the cryptographic accelerator processor 14 may continue to execute commands located in a circular command queue in system memory until the read address equals the write address for that command queue.
- interaction between the host processor 16 and the cryptographic accelerator processor 14 may be further reduced and overall system performance improved by including load and store commands in the cryptographic accelerator processor's command set.
- a load command loads one or more operands from the system memory 22 (e.g., the data buffer(s) 47 ) to the local memory 36 at block 142 .
- the cryptographic accelerator processor 14 then performs one or more operations on the operand(s) at block 144 to generate a result that is stored in the local memory 36 .
- a store command then stores the result in the system memory 22 at block 146 .
- the host processor 16 need not consume processing time downloading operands to the cryptographic accelerator processor 14 and/or uploading results from the cryptographic accelerator processor 14 into the system memory 22 .
- At least a portion of the operands downloaded from the system memory 22 may be stored in the local memory 36 .
- an offset is used that identifies the relative position of the operands and results in the local memory 36 .
- a cryptographic accelerator processor 14 instruction may indicate that “a” is at offset 0 relative to a base address of the local memory 36 , “b” is at offset 8 relative to the base address of the local memory 36 , and the result “c” should be placed at offset 122 relative to the base address of the local memory 36 .
- the result generated in the local memory 36 may also be stored in a result field of a command block, which is located in one of the command queues 44 and 46 in the system memory 22 .
- operands and results may be packed together into the local memory 36 , which may conserve storage space. Because there is no wasted space in storing the operands and results in the local memory 36 , memory utilization may be improved. If the cryptographic accelerator processor 14 needs to be redesigned to handle larger operands, then the local memory 36 may be easier to resize than resizing several registers.
- interaction between the host processor 16 and the cryptographic accelerator processor 14 may be further reduced and overall system performance improved by allowing the cryptographic accelerator processor 14 to inform the host processor 16 when command blocks have been executed.
- the host processor 16 loads a command block into one of the command queues 44 and 46 at block 152 .
- the command block may include an interrupt field, which may be set by the host processor 16 to turn an interrupt request on or off.
- the cryptographic accelerator processor 14 downloads the command block from one of the command queues 44 and 46 and executes the command block at block 154 .
- the cryptographic accelerator processor 14 may optionally store error information in the command block as shown in FIG. 12B at block 156 .
- the error information may comprise information that is associated with downloading the command block to the cryptographic accelerator processor 14 and/or executing the command block on the cryptographic accelerator processor 14 .
- the cryptographic accelerator processor 14 invokes an interrupt to notify the host processor 16 that the command block has completed.
- the cryptographic accelerator processor 14 may update a completion field in the command block as shown in FIG. 12C.
- a periodic interrupt may be defined that upon each occurrence triggers the host processor 16 to check one or more of the command queues 44 and 46 to determine whether any of the command blocks stored therein have been executed by examining their completion fields.
- the cryptographic accelerator processor 14 may store the results from executing a command block in the command block as shown in FIG. 12D.
- the host processor 16 may set a timer when storing a command block into a command queue 42 , 44 . Upon expiration of the timer, the host processor 16 may check to determine whether the command block has been executed.
- the status of a command block may be determined by the host processor 16 without the need to process an interrupt from the cryptographic accelerator processor 14 .
- improved utilization of the system memory 22 may be attained by re-using at least a portion of a command block that contains input data to store a result or output that is generated by an adjunct processor, such as the cryptographic accelerator processor 14 , upon executing the command block. It is assumed that the size of the result or output is small enough to fit into the portion of the command block containing the input data that is to be overwritten. In addition, the region of the command block in which the result or output is stored should be selected carefully to ensure that the input data that is overwritten is no longer needed by the host processor 16 after the command block has been executed by the adjunct processor.
- exemplary operations begin at block 162 where the host processor loads a command block that includes input data into one of the command queues 44 or 46 in the system memory 22 .
- the command block may include pointers to input data that reside, for example, in the data buffer(s) 47 in the system memory 22 .
- An adjunct processor such as the cryptographic accelerator processor 14 , may download the command block and perform one or more operations on the input data to generate a result at block 164 . If the command block includes pointers to input data, then the data are separately downloaded to the cryptographic accelerator processor 14 using the input data pointers.
- the result is then stored in the command block in the system memory 22 at block 166 such that at least a portion of the input data is overwritten.
- the memory reserved for the command block in the system memory 22 may be reduced because additional storage space need not be reserved to store the result of executing the command block either in the command block or elsewhere in the system memory 22 .
- FIGS. 14A and 14B show an exemplary command block for decrypting an encrypted packet.
- a command block is shown that comprises a field that contains a hash key for the encrypted packet and another field that contains input information.
- the cryptographic accelerator processor 14 downloads the command block of FIG. 14A and performs hash operations using the hash key and input information to generate a hash value.
- this hash value is then stored in the command block in the system memory 22 by overwriting the input information, which is no longer needed once the hash value has been computed.
- the input information may be one or more pointers to input data stored, for example, in the data buffer(s) 47 in the system memory 22 .
- Cryptographic processors and/or other types of signal processors and integrated circuits may use a hardware-based random number generator.
- the cryptographic accelerator processor 14 may include a RNG execution unit 28 that may be used to generate random numbers for use by other execution units of the cryptographic accelerator processor 14 and/or the host processor 16 . Exemplary operations that may be used to reduce interaction between the host processor 16 and the cryptographic accelerator processor 14 and to improve overall system performance will be described hereafter. Referring now to FIG. 16, operations begin at block 172 where the cryptographic accelerator processor 14 loads a random number sample into the RN data queue 42 beginning at the write address stored in the write pointer field 74 of the RN data queue pointer register 68 (see FIG. 3).
- the host processor 16 reads the random number sample in the RN data queue 42 beginning at the read address stored in the read pointer field 72 of the RN data queue pointer register 68 (see FIG. 3).
- the host processor 16 need not spend time interacting directly with the cryptographic accelerator processor 14 to request blocks of random data and/or reading random data from, for example, one or more registers on the cryptographic accelerator processor 14 chip.
- the cryptographic accelerator processor 14 determines at block 182 whether the write address plus the random number sample size equals the read address stored in the read pointer field 72 . If the result determined at block 182 is “Yes,” then the cryptographic processor 14 postpones loading a new random number sample into the RN data queue 42 until the host processor 16 has incremented the read address.
- the cryptographic processor 14 loads a random number sample into the RN data queue 42 at block 184 at the write address stored in the write pointer field 74 and then increments the write address at block 186 by an amount corresponding to the size of the loaded random number sample.
- FIG. 18 shows an exemplary embodiment of the RN data queue 42 .
- the RN data queue 42 is configured to hold 512 random number samples, which each comprise 64 bits.
- the cryptographic processor 14 has written four random number samples into addresses 1 through 4 and the write address has been incremented to point to the next available address, which is empty or contains data that have already been read by the host processor 16 .
- the addresses shown in FIG. 18 are based on random number sample units for purposes of illustration. These addresses may be converted into absolute addresses by multiplying the random number sample number by 64 and adding the resulting product to the respective base address for the RN data queue 42 , which is stored in the RN data queue base address register 64 .
- the host processor 16 determines whether the write address is equal to the read address. If the result determined at block 192 is “Yes,” then the host processor 16 waits until the cryptographic accelerator processor 14 loads a new random number sample into the RN data queue 42 . If, however, the result determined at block 192 is “No,” then the host processor 16 reads the random number sample at the read address stored in the read pointer field 72 at block 194 . The host processor 16 then increments the read address at block 196 by an amount corresponding to the size of the random number sample. The host processor 16 need not check the current write address every time a new random number sample is read. Instead, the host processor 16 may check the write address when the read address is getting close to the last value the host processor 16 has for the write address.
- a cryptographic accelerator processor 14 may provide random number samples for use by a host processor 16 with reduced interaction between the host processor 16 and the cryptographic accelerator processor 14 .
- the host processor 14 need only interact with the cryptographic accelerator processor 14 to update the read address and to check the value of the write address when the read address approaches the last value the host processor 14 has for the write address.
- the cryptographic accelerator processor 14 may manage the buffering of the random number samples, which may conserve processor cycles of the host processor 16 and may reduce transactions on the system bus 26 , which may improve overall system performance.
- ASICs such as the ASIC 202 shown in FIG. 20.
- the ASIC 202 comprises a plurality of functional units 204 , 206 , and 208 , which are configured to perform specific operations.
- input commands are provided to the ASIC 202 serially and then routed to the appropriate functional unit 204 , 206 , and/or 208 .
- the outputs and/or results of executing the input commands are provided serially as command outputs from the ASIC 202 .
- the ASIC 202 typically processes commands sequentially such that a first command must finish before a subsequent command may be processed even if the commands are executed by different functional units.
- an ASIC 212 includes a plurality of functional units 214 , 216 , and 218 , which each receive command inputs through its own command interface and generate outputs and/or results that may be communicated to another processor through the command interface.
- the functional units 214 , 216 , and 218 may operate independently and in parallel, thereby improving the performance of a cryptographic data processing system.
- the functional units 214 , 216 , and 218 may comprise the E/A execution unit 32 , the RNG execution unit 28 , and the PK engine execution unit 34 .
- the E/A execution unit 32 comprises a command interface manager 222
- the RNG execution unit 28 comprises a command interface manager 224
- the PK engine execution unit 34 comprises a command interface manager 226 .
- These respective command interface managers 222 , 224 , and 226 may be used to receive input command blocks from the E/A command queue 44 , to transmit random number samples to the RN data queue 42 , and to receive input command blocks from the PK command queue 46 , respectively, and to allow the respective execution units 28 , 32 , and 34 to perform operations in parallel.
- Operations begin at block 232 where one or more command blocks are provided to each of the functional units, such as, for example, by providing command blocks in the E/A command queue 44 and the PK command queue 46 for the E/A execution unit 32 and the PK engine execution unit 34 , respectively.
- the command blocks are simultaneously executed by the functional units by accessing the command blocks in parallel through, for example, the command interface manager 222 and the command interface manager 226 , which are associated with the E/A execution unit 32 and the PK engine execution unit 34 , respectively.
- command blocks may be provided to the cryptographic processor 14 in serial fashion over the system bus 24 . Nevertheless, the cryptographic processor 14 may distribute command blocks to the command interface managers 222 , 224 , and 226 associated with the execution units 32 , 28 , and 34 , which may then process the command blocks in parallel.
- commands may be provided to the command interface managers in a variety of ways.
- a processor may write commands directly to the command interface managers or, alternatively, commands may be stored in a memory and the command interface managers may be provided with the addresses where they may retrieve the stored commands for execution.
- each block may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s).
- the functions noted in the blocks may occur out of the order noted in FIGS. 2, 6, 9 - 11 , 13 , 16 , 17 , 19 , and 23 .
- two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending on the functionality involved.
Abstract
Description
- This application claims the benefit of Provisional Application Ser. No. 60/203,409, filed May 11, 2000, entitled Cryptographic Acceleration Methods and Apparatus, and Provisional Application Ser. No. 60/203,465, filed May 11, 2000, entitled Methods and Apparatus for Supplying Random Numbers, the disclosures of which are hereby incorporated herein by reference in their entirety as if set forth fully herein.
- The present invention relates generally to the field of data processing systems, and, more particularly, to cryptographic data processing systems, computer program products, and methods of operating same.
- Signal processors and integrated circuit chips have been developed to accelerate cryptographic operations, such as public key operations. Examples of such chips include, but are not limited to, the Hifn 6500 available from Hifn, Inc., the SafeNet ADSP 2141 available from SafeNet, Inc., and the Rainbow Mykotronx FastMAP available from Rainbow Mykotronx, Inc. Despite the availability of cryptographic accelerator products, there remains room for improvement in the art.
- For example, conventional cryptographic data processing systems generally use two main methods for issuing a command to a cryptographic accelerator: The first method involves the provision of a command register on the cryptographic accelerator that a host processor uses to issue a single command. Once the cryptographic accelerator completes executing a command, the host processor may issue a new command. After completing a command, the cryptographic accelerator is generally idle until the host processor issues a new command. Unfortunately, the host processor may spend much time interacting directly with the cryptographic accelerator to download data and issue commands. This may reduce the amount of time available to the host processor for attending to other tasks.
- The second method allows the host processor to download one or more command sequences to the cryptographic accelerator and then to instruct the cryptographic accelerator to execute one or more of the downloaded command sequences. After completing a command sequence, the cryptographic accelerator is generally idle until the host processor issues a new command. The size of the command sequences may be limited based on the amount of memory that may be placed on the cryptographic accelerator. Like the first method, the host processor may spend much time interacting directly with the cryptographic accelerator to download data and issue command sequences. This may reduce the amount of time available to the host processor for attending to other tasks.
- Cryptographic accelerators generally perform operations using one or more operands. These devices may include general-purpose operand storage that comprises fixed length registers to store the operands and results. To execute an instruction, a register number is used to indicate which operand should be used for the operation and where the output should be stored. For example, if the operation were “a+b=c,” then part of the instruction would indicate that “a” is in register 7, “b” is in
register 1, and “c” should be put into register 2. - Because the registers are fixed in size and the operands and results are variable in size, the size of the operands will always be less than or equal to the register size. As a result, some of the memory in the registers may be wasted. This reduces the number of operands that may be stored on a chip in a given amount of space. In addition, if the cryptographic accelerator is redesigned to accommodate larger operands, then each of the registers may need to be modified. More registers may be designed into a cryptographic accelerator; however, adding more memory to a cryptographic accelerator may reduce the amount of other functionality that may be included and/or increase the cost.
- Cryptographic processors and/or other types of signal processors and integrated circuits may use a hardware-based random number generator. Various conventional methods may be used to retrieve random numbers from an integrated circuit incorporating a random number generator. One method is for the random number generator to provide one or more data registers that a host processor may read to obtain random numbers. The host processor may tell the random number generator to provide more random data before or after retrieving random data from the registers. The random number generator may generate the random data in the background so that random data may be available when needed by the host processor.
- Another method for obtaining random data is for the host processor to request a block of random data from the random number generator. The host processor may provide the random number generator with a request that specifies an amount of random data and a location in memory where the random data should be placed. The random number generator may then generate the random data and transfer the random data to the requested location in the background.
- Unfortunately, by providing random data through data registers on the random number generator or other integrated circuit chip, any buffer management that may be desired is generally performed by the host processor. Moreover, the bus that connects the host processor with the random number generator may be used inefficiently because single data reads are typically used instead of block reads. If a host processor requests a block of random data, however, then the host processor may initiate the data transfers and any desired buffer-management that may be desired is generally performed by the host processor. The foregoing operations may be performed in the background and/or a fast host processor may be used; however, a faster host processor may increase system costs.
- Embodiments of the present invention provide cryptographic data processing systems, computer program products, and methods of operating same. For example, in accordance with embodiments of the present invention, cryptographic data processing systems comprise a host processor, a system memory coupled to the host processor, and a cryptographic processor integrated circuit that comprises a local memory. One or more operands are downloaded into the local memory from the system memory and the cryptographic processor executes an instruction that references one of the downloaded operands using a first relative position in the local memory. In further embodiments of the present invention, a result is generated based on the operand referenced when executing the instruction and this result is stored at a second relative position in the local memory. The first and second relative positions may comprise first and second offsets from a base address in the local memory. Advantageously, operands and results may be packed together in the local memory, which may conserve storage space.
- In accordance with further embodiments of the present invention, the performance of cryptographic data processing systems may be improved by providing separate command interfaces that are respectively associated with execution units in the cryptographic processor. For example, a plurality of execution units may be provided in the cryptographic processor. Commands blocks may be respectively provided to the execution units and these command blocks may be executed simultaneously by the plurality of execution units. By performing operations in parallel using a plurality of functional units, the total number of operations that may be performed may be increased and the average latency for completing operations may be reduced.
- Other features of the present invention will be more readily understood from the following detailed description of specific embodiments thereof when read in conjunction with the accompanying drawings, in which:
- FIG. 1 is a block diagram that illustrates cryptographic data processing systems, computer program products, and methods of operating same in accordance with embodiments of the present invention;
- FIG. 2 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with embodiments of the present invention;
- FIGS.3-5 are block diagrams that illustrate functional execution units of a cryptographic accelerator processor in accordance with embodiments of the present invention;
- FIG. 6 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention;
- FIGS.7-8 are block diagrams that illustrate an encryption/authentication command queue and a public key command queue, respectively, in accordance with embodiments of the present invention;
- FIGS.9-11 are flowcharts that illustrate operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention;
- FIGS.12A-12D are block diagrams that illustrate command blocks in accordance with embodiments of the present invention;
- FIG. 13 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention;
- FIGS. 14A, 14B, and15 are block diagrams that illustrate command blocks in accordance with further embodiments of the present invention;
- FIGS. 16 and 17 are flowcharts that illustrate operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention;
- FIG. 18 is a block diagram that illustrates a random number generator data queue in accordance with embodiments of the present invention;
- FIG. 19 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention;
- FIG. 20 is a block diagram that illustrates a command interface for a conventional application specific integrated circuit;
- FIG. 21 is a block diagram that illustrates parallel command interfaces for an application specific integrated circuit in accordance with embodiments of the present invention;
- FIG. 22 is a block diagram of a cryptographic accelerator processor in which command interface managers are respectively associated with functional execution units in accordance with embodiments of the present invention; and
- FIG. 23 is a flowchart that illustrates operations of cryptographic data processing systems and computer program products in accordance with further embodiments of the present invention.
- While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that there is no intent to limit the invention to the particular forms disclosed, but on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the claims. Like reference numbers signify like elements throughout the description of the figures. It will also be understood that when an element is referred to as being “connected” or “coupled” to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. In contrast, when an element is referred to as being “directly connected” or “directly coupled” to another element, there are no intervening elements present.
- The present invention may be embodied as methods, data processing systems, and/or computer program products. Accordingly, the present invention may be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). Furthermore, the present invention may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system. In the context of this document, a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
- The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a nonexhaustive list) of the computer-readable medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, and a portable compact disc read-only memory (CD-ROM). Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
- Referring now to FIG. 1, an exemplary cryptographic
data processing system 12, in accordance with embodiments of the present invention, comprises acryptographic accelerator processor 14, ahost processor 16, acache memory 18, asystem memory 22, and a system bus controller 24, such as a north-bridge system controller. The system bus controller 24 couples thehost processor 16 to thecache memory 18 and thesystem memory 22, and also couples thehost processor 16 and thesystem memory 22 to thecryptographic accelerator processor 14 via asystem bus 26, which may be, for example, a peripheral component interconnect (PCI) bus. Thehost processor 16 may be, for example, a commercially available or custom microprocessor. Thesystem memory 22 is representative of an overall hierarchy of memory devices containing the software and data used to implement the functionality of the cryptographicdata processing system 12. Thesystem memory 22 may include, but is not limited to, the following types of devices: ROM, PROM, EPROM, EEPROM, flash, SRAM, and DRAM. - In accordance with embodiments of the present invention, the
cryptographic accelerator processor 14 comprises a random number generator (RNG)execution unit 28, an encryption/authentication (E/A)execution unit 32, and a public key (PK)engine execution unit 34, which are coupled to alocal memory 36 via a local bus 38. In accordance with particular embodiments of the present invention, thesystem memory 22 contains a random number (RN)data queue 42, an E/A command queue 44, aPK command queue 46, and data buffer(s) 47. - Although FIG. 1 illustrates an exemplary cryptographic data processing system architecture, it will be understood that the present invention is not limited to such a configuration, but is intended to encompass any configuration capable of carrying out operations described herein. Computer program code for carrying out operations of embodiments of the cryptographic
data processing system 12 may be written in a high-level programming language, such as C or C++, for development convenience. Nevertheless, some modules or routines may be written in assembly language or even micro-code to enhance performance and/or memory usage. It will be further appreciated that the functionality of any or all of the program modules may also be implemented using discrete hardware components, a single application specific integrated circuit (ASIC), or a programmed digital signal processor or microcontroller. - The present invention is described hereinafter with reference to flowchart and/or block diagram illustrations of methods, data processing systems, and/or computer program products in accordance with exemplary embodiments of the invention. It will be understood that each block of the flowchart and/or block diagram illustrations, and combinations of blocks in the flowchart and/or block diagram illustrations, may be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, a special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- These computer program instructions may also be stored in a computer usable or computer-readable memory that may direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instructions that implement the function/act specified in the flowchart and/or block diagram block or blocks.
- The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- Exemplary operations of cryptographic data processing systems, computer program products, and methods of operating same, in accordance with embodiments of the present invention, will be described hereafter. Referring now to FIG. 2, the
host processor 16 loads a command block into one of thecommand queues block 52. Thecryptographic accelerator processor 14 may be notified by thehost processor 16 that the command block is available for processing or may periodically access thecommand queues 44, and/or 46 to determine if a command block is available for processing. Thecryptographic accelerator processor 14 downloads the command block from one of thecommand queues block 54. Once thecryptographic accelerator processor 14 completes execution of the command block, thehost processor 16 is notified atblock 56. Thus, according to embodiments of the present invention, thehost processor 16 need not spend time interacting directly with the cryptographic accelerator processor 14 (e.g., issuing a command to thecryptographic accelerator processor 14, waiting for that command to complete, and then issuing another command). Instead, thehost processor 16 may load commands intocommand queues cryptographic accelerator processor 14. Moreover, the size and number of command block sequences may be less constrained because the availability of system memory is generally more abundant. - Referring now to FIGS.3-5, the
RNG execution unit 28, the E/A execution unit 32, and the PKengine execution unit 34 may use various registers that facilitate communication with theRN data queue 42 and thecommand queues status register 62, a RN data queuebase address register 64, a RN dataqueue size register 66, and a RN dataqueue pointer register 68 may be defined for use by theRNG execution unit 28. The control/status register 62 may include a self-test error field, which may be set if theRNG execution unit 28 generates two successive random number samples that are the same, and/or an error flag field, which may be used to notify thehost processor 16 of an error on thesystem bus 26. The RN data queuebase address register 64 may be used to hold the base address of theRN data queue 42 in thesystem memory 22. If theRN data queue 42 does not have a fixed size, then the RN dataqueue size register 66 may be used to hold the size of theRN data queue 42. The RN dataqueue pointer register 68 may comprise aread pointer 72 portion and awrite pointer 74 portion, which may be used by theRNG execution unit 28 and thehost processor 16 as will be discussed in more detail hereinafter. - As shown in FIG. 4, a control/
status register 82, an E/A command queuebase address register 84, an E/A commandqueue size register 86, and an E/A commandqueue pointer register 88 may be defined for use by the E/A execution unit 32. The control/status register 82 may include an interrupt flag field, which may be set if thehost processor 16 requests an interrupt upon completion of a command block and/or if execution of a command block fails and/or an error flag field, which may be used to notify thehost processor 16 of an error on thesystem bus 26. The E/A command queuebase address register 84 may be used to hold the base address of the E/A command queue 44 in thesystem memory 22. If the E/A command queue 44 does not have a fixed size, then the E/A commandqueue size register 86 may be used to hold the size of the E/A command queue 44. The E/A commandqueue pointer register 88 may comprise aread pointer 92 portion and awrite pointer 94 portion, which may be used by the E/A execution unit 32 and thehost processor 16, respectively, as will be discussed in more detail hereinafter. - As shown in FIG. 5, a control/
status register 102, a PK command queuebase address register 104, a PK commandqueue size register 106, and a PK commandqueue pointer register 108 may be defined for use by the PKengine execution unit 34. The control/status register 102 may include an interrupt flag field, which may be set if thehost processor 16 requests an interrupt upon completion of a command block and/or if execution of a command block fails and/or an error flag field, which may be used to notify thehost processor 16 of an error on thesystem bus 26. The PK command queuebase address register 104 may be used to hold the base address of thePK command queue 46 in thesystem memory 22. If thePK command queue 46 does not have a fixed size, then the PK commandqueue size register 106 may be used to hold the size of thePK command queue 46. The PK commandqueue pointer register 108 may comprise aread pointer 112 portion and awrite pointer 114 portion, which may be used by the PKengine execution unit 34 and thehost processor 16, respectively, as will be discussed in more detail hereinafter. - Referring now to FIG. 6, operations for loading a command block into the E/
A command queue 44 and/or thePK command queue 46, in accordance with embodiments of the present invention, will be described in more detail hereafter. In general, thehost processor 16 writes commands into thecommand queues pointers 94 and 114). Before writing a command block into a command queue, however, the host processor determines atblock 122 whether the write address plus the command block size equals the read address stored in thecorresponding read pointer block 122 is “Yes,” then thehost processor 16 postpones loading a new command block into the command queue until thecryptographic accelerator processor 14 has incremented the read address. If, however, the result determined atblock 122 is “No,” then thehost processor 16 loads a command block into the command queue atblock 124 at the write address associated with the command queue and then increments the write address atblock 126 by an amount corresponding to the size of the loaded command block. Thehost processor 16 need not check the current read address every time a new command block is loaded. Instead, thehost processor 16 may check the read address when the write address is getting close to the last value thehost processor 16 has for the read address. Checking the read address may be expensive in terms of processor cycles consumed. By checking the read address only when the read address is getting close to the write address (e.g., within a predefined threshold),host processor 16 cycles may be conserved. - The foregoing operations are illustrated, for example, in FIGS. 7 and 8, which show embodiments of the E/
A command queue 44 and thePK command queue 46, respectively. As shown in FIGS. 7 and 8, both the E/A command queue 44 and thePK command queue 46 are configured to hold m command blocks, which each comprise eight, thirty-two bit words. Thehost processor 16 has written a single command block into the first command block position (i.e., the “0” position) and the write address has been incremented to point to the next empty command block slot. The addresses used in FIGS. 7 and 8 are based on command block slot numbers for purposes of illustration. These addresses may be converted into absolute addresses by multiplying the command block slot number by 256 and adding the resulting product to the respective base addresses for the command queues, which are stored in the E/A command queuebase address register 84 and the PK command queuebase address register 104, respectively. Note that the test used atblock 122 of FIG. 6 to determine whether a new command block may be loaded into a command queue implies that if a command queue may hold up to m command blocks, then only m−1 command blocks may be stored in the command queue at the same time. - Referring now to FIG. 9, operations for executing a command block that has been loaded into the E/
A command queue 44 and/or thePK command queue 46, in accordance with embodiments of the present invention, will be described in more detail hereafter. Atblock 132, thecryptographic accelerator processor 14 determines whether the write address is equal to the read address. Specifically, the E/A execution unit 32 determines whether the write address is equal to the read address for the E/A command queue 44 and the PKengine execution unit 34 determines whether the write address is equal to the read address for thePK command queue 46. If the result determined atblock 132 is “Yes,” then thecryptographic processor 14 waits until thehost processor 16 loads a new command block into the command queue. If, however, the result determined atblock 132 is “No,” then thecryptographic accelerator processor 14 downloads the command block at the read address associated with the command queue and executes the command block atblock 134. In particular embodiments of the present invention, multiple command blocks may be downloaded for execution on thecryptographic accelerator processor 14 at the same time, which may further improve performance. Thecryptographic accelerator processor 14 then increments the read address atblock 136 by an amount corresponding to the size of the executed command block. - Returning to FIGS. 7 and 8, the read addresses are set to point to the first command block slot, which has been loaded with a command block by the
host processor 16. The E/A execution unit 32 and the PKengine execution unit 34 may read the command blocks loaded in the E/A command queue 44 and thePK command queue 46, respectively, with only minimal interaction with thehost processor 16, e.g., maintenance of theread pointers write pointers cryptographic accelerator processor 14 may continue to execute commands located in a circular command queue in system memory until the read address equals the write address for that command queue. - In accordance with further embodiments of the present invention, interaction between the
host processor 16 and thecryptographic accelerator processor 14 may be further reduced and overall system performance improved by including load and store commands in the cryptographic accelerator processor's command set. Referring now to FIG. 10, a load command loads one or more operands from the system memory 22 (e.g., the data buffer(s) 47) to thelocal memory 36 atblock 142. Thecryptographic accelerator processor 14 then performs one or more operations on the operand(s) atblock 144 to generate a result that is stored in thelocal memory 36. A store command then stores the result in thesystem memory 22 atblock 146. Advantageously, thehost processor 16 need not consume processing time downloading operands to thecryptographic accelerator processor 14 and/or uploading results from thecryptographic accelerator processor 14 into thesystem memory 22. - To improve utilization of the chip area used to implement the
cryptographic accelerator processor 14, at least a portion of the operands downloaded from thesystem memory 22 may be stored in thelocal memory 36. Instead of using a register number to identify the location of operands and results, an offset is used that identifies the relative position of the operands and results in thelocal memory 36. For example, to perform the operation “a+b=c,” acryptographic accelerator processor 14 instruction may indicate that “a” is at offset 0 relative to a base address of thelocal memory 36, “b” is at offset 8 relative to the base address of thelocal memory 36, and the result “c” should be placed at offset 122 relative to the base address of thelocal memory 36. In accordance with further embodiments of the present invention, the result generated in thelocal memory 36 may also be stored in a result field of a command block, which is located in one of thecommand queues system memory 22. Advantageously, operands and results may be packed together into thelocal memory 36, which may conserve storage space. Because there is no wasted space in storing the operands and results in thelocal memory 36, memory utilization may be improved. If thecryptographic accelerator processor 14 needs to be redesigned to handle larger operands, then thelocal memory 36 may be easier to resize than resizing several registers. - In accordance with further embodiments of the present invention, interaction between the
host processor 16 and thecryptographic accelerator processor 14 may be further reduced and overall system performance improved by allowing thecryptographic accelerator processor 14 to inform thehost processor 16 when command blocks have been executed. Referring now to FIG. 11, thehost processor 16 loads a command block into one of thecommand queues block 152. As shown in FIG. 12A, the command block may include an interrupt field, which may be set by thehost processor 16 to turn an interrupt request on or off. Thecryptographic accelerator processor 14 downloads the command block from one of thecommand queues block 154. Thecryptographic accelerator processor 14 may optionally store error information in the command block as shown in FIG. 12B atblock 156. The error information may comprise information that is associated with downloading the command block to thecryptographic accelerator processor 14 and/or executing the command block on thecryptographic accelerator processor 14. Atblock 158, if an interrupt has been requested in the interrupt field of the command block, then thecryptographic accelerator processor 14 invokes an interrupt to notify thehost processor 16 that the command block has completed. - In other embodiments of the present invention, instead of invoking an interrupt to notify the
host processor 16 that a command block has been executed, thecryptographic accelerator processor 14 may update a completion field in the command block as shown in FIG. 12C. In addition, a periodic interrupt may be defined that upon each occurrence triggers thehost processor 16 to check one or more of thecommand queues cryptographic accelerator processor 14 may store the results from executing a command block in the command block as shown in FIG. 12D. - In still other embodiments of the present invention, the
host processor 16 may set a timer when storing a command block into acommand queue host processor 16 may check to determine whether the command block has been executed. Advantageously, the status of a command block may be determined by thehost processor 16 without the need to process an interrupt from thecryptographic accelerator processor 14. - In accordance with further embodiments of the present invention, improved utilization of the
system memory 22 may be attained by re-using at least a portion of a command block that contains input data to store a result or output that is generated by an adjunct processor, such as thecryptographic accelerator processor 14, upon executing the command block. It is assumed that the size of the result or output is small enough to fit into the portion of the command block containing the input data that is to be overwritten. In addition, the region of the command block in which the result or output is stored should be selected carefully to ensure that the input data that is overwritten is no longer needed by thehost processor 16 after the command block has been executed by the adjunct processor. - Referring now to FIG. 13, exemplary operations begin at
block 162 where the host processor loads a command block that includes input data into one of thecommand queues system memory 22. Note that that instead of or in addition to including input data into the command block, the command block may include pointers to input data that reside, for example, in the data buffer(s) 47 in thesystem memory 22. An adjunct processor, such as thecryptographic accelerator processor 14, may download the command block and perform one or more operations on the input data to generate a result atblock 164. If the command block includes pointers to input data, then the data are separately downloaded to thecryptographic accelerator processor 14 using the input data pointers. The result is then stored in the command block in thesystem memory 22 atblock 166 such that at least a portion of the input data is overwritten. Advantageously, the memory reserved for the command block in thesystem memory 22 may be reduced because additional storage space need not be reserved to store the result of executing the command block either in the command block or elsewhere in thesystem memory 22. - The foregoing operations are illustrated by way of example in FIGS. 14A and 14B, which show an exemplary command block for decrypting an encrypted packet. Specifically, in FIG. 14A, a command block is shown that comprises a field that contains a hash key for the encrypted packet and another field that contains input information. The
cryptographic accelerator processor 14 downloads the command block of FIG. 14A and performs hash operations using the hash key and input information to generate a hash value. As shown in FIG. 14B, this hash value is then stored in the command block in thesystem memory 22 by overwriting the input information, which is no longer needed once the hash value has been computed. Note that the input information may be one or more pointers to input data stored, for example, in the data buffer(s) 47 in thesystem memory 22. - In accordance with further embodiments of the present invention illustrated in FIG. 15, the command block may include an input pointer field and/or an output pointer field, which are used to identify the location of the encrypted packet in the
system memory 22 and the location where the decrypted packet is to be stored in thesystem memory 22. For example, thecryptographic accelerator processor 14 may use the input pointer to download the encrypted packet from thesystem memory 22 and may then decrypt the encrypted packet using the hash key and input information to generate a hash value as discussed hereinabove. Note that the input information may be one or more pointers to input data stored, for example, in the data buffer(s) 47 in thesystem memory 22. The hash value may be attached to the decrypted packet and the decrypted packet with the attached hash value may be stored in thesystem memory 22 at the address identified by the output pointer field in the command block. - Cryptographic processors and/or other types of signal processors and integrated circuits may use a hardware-based random number generator. The
cryptographic accelerator processor 14 may include aRNG execution unit 28 that may be used to generate random numbers for use by other execution units of thecryptographic accelerator processor 14 and/or thehost processor 16. Exemplary operations that may be used to reduce interaction between thehost processor 16 and thecryptographic accelerator processor 14 and to improve overall system performance will be described hereafter. Referring now to FIG. 16, operations begin atblock 172 where thecryptographic accelerator processor 14 loads a random number sample into theRN data queue 42 beginning at the write address stored in thewrite pointer field 74 of the RN data queue pointer register 68 (see FIG. 3). Atblock 174 thehost processor 16 reads the random number sample in theRN data queue 42 beginning at the read address stored in the readpointer field 72 of the RN data queue pointer register 68 (see FIG. 3). Thus, according to embodiments of the present invention, thehost processor 16 need not spend time interacting directly with thecryptographic accelerator processor 14 to request blocks of random data and/or reading random data from, for example, one or more registers on thecryptographic accelerator processor 14 chip. - Referring now to FIG. 17, operations for loading a random number sample into the
RN data queue 42, in accordance with embodiments of the present invention, will be described in more detail hereafter. Before writing a random number sample into theRN data queue 42, thecryptographic accelerator processor 14 determines atblock 182 whether the write address plus the random number sample size equals the read address stored in the readpointer field 72. If the result determined atblock 182 is “Yes,” then thecryptographic processor 14 postpones loading a new random number sample into theRN data queue 42 until thehost processor 16 has incremented the read address. If, however, the result determined atblock 182 is “No,” then thecryptographic processor 14 loads a random number sample into theRN data queue 42 atblock 184 at the write address stored in thewrite pointer field 74 and then increments the write address atblock 186 by an amount corresponding to the size of the loaded random number sample. - Note that in accordance with embodiments of the present invention, the
cryptographic processor 14 may include a register and/or may recognize a command block that may be written to thecryptographic processor 14 that allows thehost processor 16 to, for example, provide thecryptographic processor 14 with a random number seed and/or instruct thecryptographic processor 14 to begin generating random numbers. - The foregoing operations are illustrated, for example, in FIG. 18, which shows an exemplary embodiment of the
RN data queue 42. As shown in FIG. 18, theRN data queue 42 is configured to hold 512 random number samples, which each comprise 64 bits. Thecryptographic processor 14 has written four random number samples intoaddresses 1 through 4 and the write address has been incremented to point to the next available address, which is empty or contains data that have already been read by thehost processor 16. The addresses shown in FIG. 18 are based on random number sample units for purposes of illustration. These addresses may be converted into absolute addresses by multiplying the random number sample number by 64 and adding the resulting product to the respective base address for theRN data queue 42, which is stored in the RN data queuebase address register 64. Note that the test used atblock 182 of FIG. 17 to determine whether a new random number sample may be loaded into theRN data queue 42 implies that if theRN data queue 42 may hold up to m random number samples, then only m−1 random number samples may be stored in theRN data queue 42 at the same time. Thus, if theRN data queue 42 is filled to its capacity, then it may hold 32,704 bits (511, 64-bit random number samples), which exceeds the 20,000 bits required by the Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules issued Jan. 11, 1994. - Referring now to FIG. 19, operations for reading a command block that has been loaded into the
RN data queue 42, in accordance with embodiments of the present invention, will be described in more detail hereafter. Atblock 192, thehost processor 16 determines whether the write address is equal to the read address. If the result determined atblock 192 is “Yes,” then thehost processor 16 waits until thecryptographic accelerator processor 14 loads a new random number sample into theRN data queue 42. If, however, the result determined atblock 192 is “No,” then thehost processor 16 reads the random number sample at the read address stored in the readpointer field 72 atblock 194. Thehost processor 16 then increments the read address atblock 196 by an amount corresponding to the size of the random number sample. Thehost processor 16 need not check the current write address every time a new random number sample is read. Instead, thehost processor 16 may check the write address when the read address is getting close to the last value thehost processor 16 has for the write address. - Thus, according to embodiments of the present invention, a
cryptographic accelerator processor 14 may provide random number samples for use by ahost processor 16 with reduced interaction between thehost processor 16 and thecryptographic accelerator processor 14. In general, thehost processor 14 need only interact with thecryptographic accelerator processor 14 to update the read address and to check the value of the write address when the read address approaches the last value thehost processor 14 has for the write address. In addition, thecryptographic accelerator processor 14 may manage the buffering of the random number samples, which may conserve processor cycles of thehost processor 16 and may reduce transactions on thesystem bus 26, which may improve overall system performance. - The performance of cryptographic data processing systems may be affected by the system architecture and the methodology used to perform operations. For example, conventional cryptographic data processing systems may comprise one or more ASICs, such as the
ASIC 202 shown in FIG. 20. TheASIC 202 comprises a plurality offunctional units ASIC 202 serially and then routed to the appropriatefunctional unit ASIC 202. Thus, theASIC 202 typically processes commands sequentially such that a first command must finish before a subsequent command may be processed even if the commands are executed by different functional units. - Referring now to FIG. 21, the performance of cryptographic data processing systems may be improved, in accordance with embodiments of the present invention, by providing separate command interfaces that are respectively associated with the functional units such that each functional unit may receive command inputs and may generate command outputs and/or results independently of other functional units. As shown in FIG. 21, an
ASIC 212 includes a plurality offunctional units functional unit functional units - Referring now to FIG. 22, the
functional units A execution unit 32, theRNG execution unit 28, and the PKengine execution unit 34. The E/A execution unit 32 comprises acommand interface manager 222, theRNG execution unit 28 comprises acommand interface manager 224, and the PKengine execution unit 34 comprises acommand interface manager 226. These respectivecommand interface managers A command queue 44, to transmit random number samples to theRN data queue 42, and to receive input command blocks from thePK command queue 46, respectively, and to allow therespective execution units - Referring now to FIG. 23, operations of cryptographic data processing systems in which command interface managers are respectively associated with a plurality of functional units, in accordance with embodiments of the present invention, will be described hereafter. Operations begin at
block 232 where one or more command blocks are provided to each of the functional units, such as, for example, by providing command blocks in the E/A command queue 44 and thePK command queue 46 for the E/A execution unit 32 and the PKengine execution unit 34, respectively. Atblock 234, the command blocks are simultaneously executed by the functional units by accessing the command blocks in parallel through, for example, thecommand interface manager 222 and thecommand interface manager 226, which are associated with the E/A execution unit 32 and the PKengine execution unit 34, respectively. - Note that command blocks may be provided to the
cryptographic processor 14 in serial fashion over the system bus 24. Nevertheless, thecryptographic processor 14 may distribute command blocks to thecommand interface managers execution units - For purposes of illustration, exemplary embodiments of the present invention have been discussed hereinabove in which operations related to random number generation, encryption/authentication, and public key generation are performed in parallel based on functional units defined therefor. It will be understood that the operations that may be performed in parallel may be adjusted based on requirements and/or needs. Moreover, commands may be provided to the command interface managers in a variety of ways. A processor may write commands directly to the command interface managers or, alternatively, commands may be stored in a memory and the command interface managers may be provided with the addresses where they may retrieve the stored commands for execution.
- In summary, by performing operations in parallel using a plurality of functional units, the total number of operations that may be performed may be increased and the average latency for completing operations may be reduced.
- The flowcharts of FIGS. 2, 6,9-11, 13, 16, 17, 19, and 23 illustrate the architecture, functionality, and operations of possible embodiments of the cryptographic
data processing system 12 of FIG. 1. In this regard, each block may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative embodiments, the functions noted in the blocks may occur out of the order noted in FIGS. 2, 6, 9-11, 13, 16, 17, 19, and 23. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending on the functionality involved. - In concluding the detailed description, it should be noted that many variations and modifications can be made to the preferred embodiments without substantially departing from the principles of the present invention. All such variations and modifications are intended to be included herein within the scope of the present invention, as set forth in the following claims.
Claims (40)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/852,937 US20020004904A1 (en) | 2000-05-11 | 2001-05-10 | Cryptographic data processing systems, computer program products, and methods of operating same in which multiple cryptographic execution units execute commands from a host processor in parallel |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US20340900P | 2000-05-11 | 2000-05-11 | |
US09/852,937 US20020004904A1 (en) | 2000-05-11 | 2001-05-10 | Cryptographic data processing systems, computer program products, and methods of operating same in which multiple cryptographic execution units execute commands from a host processor in parallel |
Publications (1)
Publication Number | Publication Date |
---|---|
US20020004904A1 true US20020004904A1 (en) | 2002-01-10 |
Family
ID=22753864
Family Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/849,853 Expired - Fee Related US6820105B2 (en) | 2000-05-11 | 2001-05-04 | Accelerated montgomery exponentiation using plural multipliers |
US09/849,667 Expired - Fee Related US6691143B2 (en) | 2000-05-11 | 2001-05-04 | Accelerated montgomery multiplication using plural multipliers |
US09/852,937 Abandoned US20020004904A1 (en) | 2000-05-11 | 2001-05-10 | Cryptographic data processing systems, computer program products, and methods of operating same in which multiple cryptographic execution units execute commands from a host processor in parallel |
US09/852,562 Abandoned US20010042210A1 (en) | 2000-05-11 | 2001-05-10 | Cryptographic data processing systems, computer program products, and methods of operating same in which a system memory is used to transfer information between a host processor and an adjunct processor |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/849,853 Expired - Fee Related US6820105B2 (en) | 2000-05-11 | 2001-05-04 | Accelerated montgomery exponentiation using plural multipliers |
US09/849,667 Expired - Fee Related US6691143B2 (en) | 2000-05-11 | 2001-05-04 | Accelerated montgomery multiplication using plural multipliers |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/852,562 Abandoned US20010042210A1 (en) | 2000-05-11 | 2001-05-10 | Cryptographic data processing systems, computer program products, and methods of operating same in which a system memory is used to transfer information between a host processor and an adjunct processor |
Country Status (4)
Country | Link |
---|---|
US (4) | US6820105B2 (en) |
EP (1) | EP1405170A2 (en) |
AU (2) | AU2001290508A1 (en) |
WO (2) | WO2001088692A2 (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030023846A1 (en) * | 1999-07-08 | 2003-01-30 | Broadcom Corporation | Classification engine in a cryptography acceleration chip |
US20030020621A1 (en) * | 2001-07-24 | 2003-01-30 | Kessler Richard E. | Method and apparatus for establishing secure sessions |
US20030046561A1 (en) * | 2001-08-31 | 2003-03-06 | Hamilton Jon W. | Non-algebraic cryptographic architecture |
US20040123096A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator data routing unit |
US20040123121A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Methods and apparatus for ordering data in a cryptography accelerator |
US20040123119A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator interface decoupling from cryptography processing cores |
US20040123120A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator input interface data handling |
US20040123123A1 (en) * | 2002-12-18 | 2004-06-24 | Buer Mark L. | Methods and apparatus for accessing security association information in a cryptography accelerator |
US20040230813A1 (en) * | 2003-05-12 | 2004-11-18 | International Business Machines Corporation | Cryptographic coprocessor on a general purpose microprocessor |
US20060026601A1 (en) * | 2004-07-29 | 2006-02-02 | Solt David G Jr | Executing commands on a plurality of processes |
US20060133604A1 (en) * | 2004-12-21 | 2006-06-22 | Mark Buer | System and method for securing data from a remote input device |
US7260217B1 (en) * | 2002-03-01 | 2007-08-21 | Cavium Networks, Inc. | Speculative execution for data ciphering operations |
US7305567B1 (en) | 2002-03-01 | 2007-12-04 | Cavium Networks, In. | Decoupled architecture for data ciphering operations |
CN100385366C (en) * | 2004-09-02 | 2008-04-30 | 国际商业机器公司 | Method for reducing encrypt latency impact on standard traffic and system thereof |
US20090113212A1 (en) * | 2007-10-30 | 2009-04-30 | International Business Machines Corporation | Multiprocessor electronic circuit including a plurality of processors and electronic data processing system |
US20090183161A1 (en) * | 2008-01-16 | 2009-07-16 | Pasi Kolinummi | Co-processor for stream data processing |
US20140189332A1 (en) * | 2012-12-28 | 2014-07-03 | Oren Ben-Kiki | Apparatus and method for low-latency invocation of accelerators |
US8856479B2 (en) | 2012-04-20 | 2014-10-07 | International Business Machines Corporation | Implementing storage adapter performance optimization with hardware operations completion coalescence |
US9264426B2 (en) | 2004-12-20 | 2016-02-16 | Broadcom Corporation | System and method for authentication via a proximate device |
US9417873B2 (en) | 2012-12-28 | 2016-08-16 | Intel Corporation | Apparatus and method for a hybrid latency-throughput processor |
US9542193B2 (en) | 2012-12-28 | 2017-01-10 | Intel Corporation | Memory address collision detection of ordered parallel threads with bloom filters |
US10140129B2 (en) | 2012-12-28 | 2018-11-27 | Intel Corporation | Processing core having shared front end unit |
US10346195B2 (en) | 2012-12-29 | 2019-07-09 | Intel Corporation | Apparatus and method for invocation of a multi threaded accelerator |
Families Citing this family (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7240204B1 (en) * | 2000-03-31 | 2007-07-03 | State Of Oregon Acting By And Through The State Board Of Higher Education On Behalf Of Oregon State University | Scalable and unified multiplication methods and apparatus |
US6820105B2 (en) * | 2000-05-11 | 2004-11-16 | Cyberguard Corporation | Accelerated montgomery exponentiation using plural multipliers |
JP3785044B2 (en) * | 2001-01-22 | 2006-06-14 | 株式会社東芝 | Power residue calculation device, power residue calculation method, and recording medium |
US6836839B2 (en) * | 2001-03-22 | 2004-12-28 | Quicksilver Technology, Inc. | Adaptive integrated circuitry with heterogeneous and reconfigurable matrices of diverse and adaptive computational units having fixed, application specific computational elements |
US7752419B1 (en) | 2001-03-22 | 2010-07-06 | Qst Holdings, Llc | Method and system for managing hardware resources to implement system functions using an adaptive computing architecture |
US7400668B2 (en) * | 2001-03-22 | 2008-07-15 | Qst Holdings, Llc | Method and system for implementing a system acquisition function for use with a communication device |
US7489779B2 (en) * | 2001-03-22 | 2009-02-10 | Qstholdings, Llc | Hardware implementation of the secure hash standard |
US7962716B2 (en) | 2001-03-22 | 2011-06-14 | Qst Holdings, Inc. | Adaptive integrated circuitry with heterogeneous and reconfigurable matrices of diverse and adaptive computational units having fixed, application specific computational elements |
US20040133745A1 (en) * | 2002-10-28 | 2004-07-08 | Quicksilver Technology, Inc. | Adaptable datapath for a digital processing system |
US7653710B2 (en) * | 2002-06-25 | 2010-01-26 | Qst Holdings, Llc. | Hardware task manager |
US6577678B2 (en) | 2001-05-08 | 2003-06-10 | Quicksilver Technology | Method and system for reconfigurable channel coding |
JP2002358010A (en) * | 2001-05-31 | 2002-12-13 | Mitsubishi Electric Corp | Exponentiation remainder computing element |
US7194088B2 (en) * | 2001-06-08 | 2007-03-20 | Corrent Corporation | Method and system for a full-adder post processor for modulo arithmetic |
US8117450B2 (en) * | 2001-10-11 | 2012-02-14 | Hewlett-Packard Development Company, L.P. | System and method for secure data transmission |
DE10151129B4 (en) * | 2001-10-17 | 2004-07-29 | Infineon Technologies Ag | Method and device for calculating a result of an exponentiation in a cryptography circuit |
US7046635B2 (en) * | 2001-11-28 | 2006-05-16 | Quicksilver Technology, Inc. | System for authorizing functionality in adaptable hardware devices |
US6986021B2 (en) | 2001-11-30 | 2006-01-10 | Quick Silver Technology, Inc. | Apparatus, method, system and executable module for configuration and operation of adaptive integrated circuitry having fixed, application specific computational elements |
US8412915B2 (en) | 2001-11-30 | 2013-04-02 | Altera Corporation | Apparatus, system and method for configuration of adaptive integrated circuitry having heterogeneous computational elements |
US7602740B2 (en) * | 2001-12-10 | 2009-10-13 | Qst Holdings, Inc. | System for adapting device standards after manufacture |
US7215701B2 (en) | 2001-12-12 | 2007-05-08 | Sharad Sambhwani | Low I/O bandwidth method and system for implementing detection and identification of scrambling codes |
US7088825B2 (en) * | 2001-12-12 | 2006-08-08 | Quicksilver Technology, Inc. | Low I/O bandwidth method and system for implementing detection and identification of scrambling codes |
US7231508B2 (en) * | 2001-12-13 | 2007-06-12 | Quicksilver Technologies | Configurable finite state machine for operation of microinstruction providing execution enable control value |
GB2383435A (en) * | 2001-12-18 | 2003-06-25 | Automatic Parallel Designs Ltd | Logic circuit for performing modular multiplication and exponentiation |
US7403981B2 (en) * | 2002-01-04 | 2008-07-22 | Quicksilver Technology, Inc. | Apparatus and method for adaptive multimedia reception and transmission in communication environments |
JP2003241659A (en) * | 2002-02-22 | 2003-08-29 | Hitachi Ltd | Information processing method |
US7346159B2 (en) * | 2002-05-01 | 2008-03-18 | Sun Microsystems, Inc. | Generic modular multiplier using partial reduction |
US7328414B1 (en) * | 2003-05-13 | 2008-02-05 | Qst Holdings, Llc | Method and system for creating and programming an adaptive computing engine |
US7660984B1 (en) | 2003-05-13 | 2010-02-09 | Quicksilver Technology | Method and system for achieving individualized protected space in an operating system |
US8108656B2 (en) | 2002-08-29 | 2012-01-31 | Qst Holdings, Llc | Task definition for specifying resource requirements |
JP4360792B2 (en) * | 2002-09-30 | 2009-11-11 | 株式会社ルネサステクノロジ | Power-residue calculator |
US7937591B1 (en) | 2002-10-25 | 2011-05-03 | Qst Holdings, Llc | Method and system for providing a device which can be adapted on an ongoing basis |
US8276135B2 (en) | 2002-11-07 | 2012-09-25 | Qst Holdings Llc | Profiling of software and circuit designs utilizing data operation analyses |
US7225301B2 (en) | 2002-11-22 | 2007-05-29 | Quicksilver Technologies | External memory controller node |
US7260595B2 (en) * | 2002-12-23 | 2007-08-21 | Arithmatica Limited | Logic circuit and method for carry and sum generation and method of designing such a logic circuit |
GB0314557D0 (en) * | 2003-06-21 | 2003-07-30 | Koninkl Philips Electronics Nv | Improved reduction calculations |
US7609297B2 (en) * | 2003-06-25 | 2009-10-27 | Qst Holdings, Inc. | Configurable hardware based digital imaging apparatus |
US8194855B2 (en) * | 2003-06-30 | 2012-06-05 | Oracle America, Inc. | Method and apparatus for implementing processor instructions for accelerating public-key cryptography |
US7200837B2 (en) * | 2003-08-21 | 2007-04-03 | Qst Holdings, Llc | System, method and software for static and dynamic programming and configuration of an adaptive computing architecture |
US20050157872A1 (en) * | 2003-11-12 | 2005-07-21 | Takatoshi Ono | RSA public key generation apparatus, RSA decryption apparatus, and RSA signature apparatus |
US7543158B2 (en) * | 2004-03-23 | 2009-06-02 | Texas Instruments Incorporated | Hybrid cryptographic accelerator and method of operation thereof |
US8526601B2 (en) * | 2004-04-05 | 2013-09-03 | Advanced Micro Devices, Inc. | Method of improving operational speed of encryption engine |
WO2005109221A2 (en) * | 2004-05-03 | 2005-11-17 | Silicon Optix | A bit serial processing element for a simd array processor |
US7519644B2 (en) * | 2004-05-27 | 2009-04-14 | King Fahd University Of Petroleum And Minerals | Finite field serial-serial multiplication/reduction structure and method |
US7668895B2 (en) * | 2004-12-01 | 2010-02-23 | Integrated System Solution Corp. | Galois field computation |
US7602655B2 (en) * | 2006-01-12 | 2009-10-13 | Mediatek Inc. | Embedded system |
US8364965B2 (en) * | 2006-03-15 | 2013-01-29 | Apple Inc. | Optimized integrity verification procedures |
US7817799B2 (en) * | 2006-09-07 | 2010-10-19 | International Business Machines Corporation | Maintaining encryption key integrity |
US20080126753A1 (en) * | 2006-09-25 | 2008-05-29 | Mediatek Inc. | Embedded system and operating method thereof |
US20090234866A1 (en) * | 2008-03-17 | 2009-09-17 | Paul Caprioli | Floating Point Unit and Cryptographic Unit Having a Shared Multiplier Tree |
US20100011047A1 (en) * | 2008-07-09 | 2010-01-14 | Viasat, Inc. | Hardware-Based Cryptographic Accelerator |
US8356185B2 (en) * | 2009-10-08 | 2013-01-15 | Oracle America, Inc. | Apparatus and method for local operand bypassing for cryptographic instructions |
JP5990466B2 (en) | 2010-01-21 | 2016-09-14 | スビラル・インコーポレーテッド | Method and apparatus for a general purpose multi-core system for implementing stream-based operations |
US8560814B2 (en) | 2010-05-04 | 2013-10-15 | Oracle International Corporation | Thread fairness on a multi-threaded processor with multi-cycle cryptographic operations |
US8583902B2 (en) | 2010-05-07 | 2013-11-12 | Oracle International Corporation | Instruction support for performing montgomery multiplication |
WO2013036217A1 (en) * | 2011-09-06 | 2013-03-14 | Intel Corporation | Number squaring computer-implemented method and apparatus |
US8799343B2 (en) * | 2011-09-22 | 2014-08-05 | Intel Corporation | Modular exponentiation with partitioned and scattered storage of Montgomery Multiplication results |
US9355068B2 (en) | 2012-06-29 | 2016-05-31 | Intel Corporation | Vector multiplication with operand base system conversion and re-conversion |
US10095516B2 (en) | 2012-06-29 | 2018-10-09 | Intel Corporation | Vector multiplication with accumulation in large register space |
KR101538424B1 (en) * | 2012-10-30 | 2015-07-22 | 주식회사 케이티 | Terminal for payment and local network monitoring |
US9455907B1 (en) | 2012-11-29 | 2016-09-27 | Marvell Israel (M.I.S.L) Ltd. | Multithreaded parallel packet processing in network devices |
GB2511843B (en) * | 2013-03-15 | 2015-05-13 | Eisergy Ltd | A power factor correction circuit |
JP6102649B2 (en) * | 2013-09-13 | 2017-03-29 | 株式会社ソシオネクスト | Arithmetic circuit and control method of arithmetic circuit |
WO2015056101A2 (en) * | 2013-10-17 | 2015-04-23 | Marvell Israel | Processing concurrency in a network device |
US9531531B2 (en) * | 2015-05-06 | 2016-12-27 | Qualcomm Incorporated | Methods and devices for fixed execution flow multiplier recoding and scalar multiplication |
EP3094039A1 (en) * | 2015-05-13 | 2016-11-16 | Gemalto Sa | Method for optimizing the execution of a function which generates at least one key within an integrated circuit device |
US10346164B2 (en) * | 2015-11-05 | 2019-07-09 | International Business Machines Corporation | Memory move instruction sequence targeting an accelerator switchboard |
US10241945B2 (en) | 2015-11-05 | 2019-03-26 | International Business Machines Corporation | Memory move supporting speculative acquisition of source and destination data granules including copy-type and paste-type instructions |
US10140052B2 (en) | 2015-11-05 | 2018-11-27 | International Business Machines Corporation | Memory access in a data processing system utilizing copy and paste instructions |
US10126952B2 (en) | 2015-11-05 | 2018-11-13 | International Business Machines Corporation | Memory move instruction sequence targeting a memory-mapped device |
US10152322B2 (en) | 2015-11-05 | 2018-12-11 | International Business Machines Corporation | Memory move instruction sequence including a stream of copy-type and paste-type instructions |
US10020932B2 (en) * | 2015-11-13 | 2018-07-10 | Nxp B.V. | Split-and-merge approach to protect against DFA attacks |
US10243937B2 (en) * | 2016-07-08 | 2019-03-26 | Nxp B.V. | Equality check implemented with secret sharing |
US11455257B2 (en) * | 2019-04-07 | 2022-09-27 | Intel Corporation | Ultra-secure accelerators |
WO2021217034A1 (en) * | 2020-04-23 | 2021-10-28 | University Of Southern California | Design of high-performance and scalable montgomery modular multiplier circuits |
US20220121424A1 (en) * | 2020-10-21 | 2022-04-21 | PUFsecurity Corporation | Device and Method of Handling a Modular Multiplication |
US11210067B1 (en) | 2020-11-27 | 2021-12-28 | Pqsecure Technologies, Llc | Architecture for small and efficient modular multiplication using carry-save adders |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5329623A (en) * | 1992-06-17 | 1994-07-12 | The Trustees Of The University Of Pennsylvania | Apparatus for providing cryptographic support in a network |
US5844986A (en) * | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5961626A (en) * | 1997-10-10 | 1999-10-05 | Motorola, Inc. | Method and processing interface for transferring data between host systems and a packetized processing system |
US6029170A (en) * | 1997-11-25 | 2000-02-22 | International Business Machines Corporation | Hybrid tree array data structure and method |
US6081895A (en) * | 1997-10-10 | 2000-06-27 | Motorola, Inc. | Method and system for managing data unit processing |
US6219789B1 (en) * | 1995-07-20 | 2001-04-17 | Dallas Semiconductor Corporation | Microprocessor with coprocessing capabilities for secure transactions and quick clearing capabilities |
US6567911B1 (en) * | 1999-12-06 | 2003-05-20 | Adaptec, Inc. | Method of conserving memory resources during execution of system BIOS |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4763242A (en) * | 1985-10-23 | 1988-08-09 | Hewlett-Packard Company | Computer providing flexible processor extension, flexible instruction set extension, and implicit emulation for upward software compatibility |
ATE183315T1 (en) | 1991-09-05 | 1999-08-15 | Canon Kk | METHOD AND DEVICE FOR ENCRYPTING AND DECRYPTING COMMUNICATION DATA |
US5274707A (en) | 1991-12-06 | 1993-12-28 | Roger Schlafly | Modular exponentiation and reduction device and method |
US5513133A (en) | 1992-11-30 | 1996-04-30 | Fortress U&T Ltd. | Compact microelectronic device for performing modular multiplication and exponentiation over large numbers |
EP0656709B1 (en) | 1993-11-30 | 2005-07-13 | Canon Kabushiki Kaisha | Encryption device and apparatus for encryption/decryption based on the Montgomery method using efficient modular multiplication |
US5706489A (en) * | 1995-10-18 | 1998-01-06 | International Business Machines Corporation | Method for a CPU to utilize a parallel instruction execution processing facility for assisting in the processing of the accessed data |
DE69727796T2 (en) * | 1996-10-31 | 2004-12-30 | Atmel Research | Coprocessor for performing modular multiplication |
WO1998050851A1 (en) | 1997-05-04 | 1998-11-12 | Fortress U & T Ltd. | Improved apparatus & method for modular multiplication & exponentiation based on montgomery multiplication |
US5987131A (en) | 1997-08-18 | 1999-11-16 | Picturetel Corporation | Cryptographic key exchange using pre-computation |
US6061706A (en) | 1997-10-10 | 2000-05-09 | United Microelectronics Corp. | Systolic linear-array modular multiplier with pipeline processing elements |
US6075546A (en) * | 1997-11-10 | 2000-06-13 | Silicon Grahphics, Inc. | Packetized command interface to graphics processor |
US6085210A (en) | 1998-01-22 | 2000-07-04 | Philips Semiconductor, Inc. | High-speed modular exponentiator and multiplier |
DE69828150T2 (en) * | 1998-03-30 | 2005-12-15 | Rainbow Technologies Inc., Irvine | Computationally efficient modular multiplication method and device |
US6240436B1 (en) * | 1998-03-30 | 2001-05-29 | Rainbow Technologies, Inc. | High speed montgomery value calculation |
US6820105B2 (en) * | 2000-05-11 | 2004-11-16 | Cyberguard Corporation | Accelerated montgomery exponentiation using plural multipliers |
US6763365B2 (en) | 2000-12-19 | 2004-07-13 | International Business Machines Corporation | Hardware implementation for modular multiplication using a plurality of almost entirely identical processor elements |
-
2001
- 2001-05-04 US US09/849,853 patent/US6820105B2/en not_active Expired - Fee Related
- 2001-05-04 US US09/849,667 patent/US6691143B2/en not_active Expired - Fee Related
- 2001-05-07 WO PCT/US2001/014616 patent/WO2001088692A2/en active Application Filing
- 2001-05-07 AU AU2001290508A patent/AU2001290508A1/en not_active Abandoned
- 2001-05-07 AU AU2001286382A patent/AU2001286382A1/en not_active Abandoned
- 2001-05-07 WO PCT/US2001/014561 patent/WO2001093012A2/en not_active Application Discontinuation
- 2001-05-07 EP EP01970509A patent/EP1405170A2/en not_active Withdrawn
- 2001-05-10 US US09/852,937 patent/US20020004904A1/en not_active Abandoned
- 2001-05-10 US US09/852,562 patent/US20010042210A1/en not_active Abandoned
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5329623A (en) * | 1992-06-17 | 1994-07-12 | The Trustees Of The University Of Pennsylvania | Apparatus for providing cryptographic support in a network |
US6219789B1 (en) * | 1995-07-20 | 2001-04-17 | Dallas Semiconductor Corporation | Microprocessor with coprocessing capabilities for secure transactions and quick clearing capabilities |
US5844986A (en) * | 1996-09-30 | 1998-12-01 | Intel Corporation | Secure BIOS |
US5961626A (en) * | 1997-10-10 | 1999-10-05 | Motorola, Inc. | Method and processing interface for transferring data between host systems and a packetized processing system |
US6081895A (en) * | 1997-10-10 | 2000-06-27 | Motorola, Inc. | Method and system for managing data unit processing |
US6029170A (en) * | 1997-11-25 | 2000-02-22 | International Business Machines Corporation | Hybrid tree array data structure and method |
US6567911B1 (en) * | 1999-12-06 | 2003-05-20 | Adaptec, Inc. | Method of conserving memory resources during execution of system BIOS |
Cited By (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030023846A1 (en) * | 1999-07-08 | 2003-01-30 | Broadcom Corporation | Classification engine in a cryptography acceleration chip |
US7600131B1 (en) | 1999-07-08 | 2009-10-06 | Broadcom Corporation | Distributed processing in a cryptography acceleration chip |
US7996670B1 (en) | 1999-07-08 | 2011-08-09 | Broadcom Corporation | Classification engine in a cryptography acceleration chip |
US20030020621A1 (en) * | 2001-07-24 | 2003-01-30 | Kessler Richard E. | Method and apparatus for establishing secure sessions |
US7240203B2 (en) * | 2001-07-24 | 2007-07-03 | Cavium Networks, Inc. | Method and apparatus for establishing secure sessions |
US20030046561A1 (en) * | 2001-08-31 | 2003-03-06 | Hamilton Jon W. | Non-algebraic cryptographic architecture |
US7305567B1 (en) | 2002-03-01 | 2007-12-04 | Cavium Networks, In. | Decoupled architecture for data ciphering operations |
US7260217B1 (en) * | 2002-03-01 | 2007-08-21 | Cavium Networks, Inc. | Speculative execution for data ciphering operations |
US20040123119A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator interface decoupling from cryptography processing cores |
US7191341B2 (en) | 2002-12-18 | 2007-03-13 | Broadcom Corporation | Methods and apparatus for ordering data in a cryptography accelerator |
US20040123123A1 (en) * | 2002-12-18 | 2004-06-24 | Buer Mark L. | Methods and apparatus for accessing security association information in a cryptography accelerator |
US20040123120A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator input interface data handling |
US7568110B2 (en) * | 2002-12-18 | 2009-07-28 | Broadcom Corporation | Cryptography accelerator interface decoupling from cryptography processing cores |
US7434043B2 (en) * | 2002-12-18 | 2008-10-07 | Broadcom Corporation | Cryptography accelerator data routing unit |
US20040123121A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Methods and apparatus for ordering data in a cryptography accelerator |
US20040123096A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator data routing unit |
US20040230813A1 (en) * | 2003-05-12 | 2004-11-18 | International Business Machines Corporation | Cryptographic coprocessor on a general purpose microprocessor |
US20060026601A1 (en) * | 2004-07-29 | 2006-02-02 | Solt David G Jr | Executing commands on a plurality of processes |
CN100385366C (en) * | 2004-09-02 | 2008-04-30 | 国际商业机器公司 | Method for reducing encrypt latency impact on standard traffic and system thereof |
US9264426B2 (en) | 2004-12-20 | 2016-02-16 | Broadcom Corporation | System and method for authentication via a proximate device |
US20060133604A1 (en) * | 2004-12-21 | 2006-06-22 | Mark Buer | System and method for securing data from a remote input device |
US9288192B2 (en) | 2004-12-21 | 2016-03-15 | Broadcom Corporation | System and method for securing data from a remote input device |
US8295484B2 (en) | 2004-12-21 | 2012-10-23 | Broadcom Corporation | System and method for securing data from a remote input device |
US8135960B2 (en) * | 2007-10-30 | 2012-03-13 | International Business Machines Corporation | Multiprocessor electronic circuit including a plurality of processors and electronic data processing system |
US20090113212A1 (en) * | 2007-10-30 | 2009-04-30 | International Business Machines Corporation | Multiprocessor electronic circuit including a plurality of processors and electronic data processing system |
WO2009090541A3 (en) * | 2008-01-16 | 2009-10-15 | Nokia Corporation | Co-processor for stream data processing |
US20090183161A1 (en) * | 2008-01-16 | 2009-07-16 | Pasi Kolinummi | Co-processor for stream data processing |
WO2009090541A2 (en) * | 2008-01-16 | 2009-07-23 | Nokia Corporation | Co-processor for stream data processing |
US8856479B2 (en) | 2012-04-20 | 2014-10-07 | International Business Machines Corporation | Implementing storage adapter performance optimization with hardware operations completion coalescence |
US9417873B2 (en) | 2012-12-28 | 2016-08-16 | Intel Corporation | Apparatus and method for a hybrid latency-throughput processor |
US9361116B2 (en) * | 2012-12-28 | 2016-06-07 | Intel Corporation | Apparatus and method for low-latency invocation of accelerators |
US20140189332A1 (en) * | 2012-12-28 | 2014-07-03 | Oren Ben-Kiki | Apparatus and method for low-latency invocation of accelerators |
US9542193B2 (en) | 2012-12-28 | 2017-01-10 | Intel Corporation | Memory address collision detection of ordered parallel threads with bloom filters |
US10083037B2 (en) | 2012-12-28 | 2018-09-25 | Intel Corporation | Apparatus and method for low-latency invocation of accelerators |
US10089113B2 (en) | 2012-12-28 | 2018-10-02 | Intel Corporation | Apparatus and method for low-latency invocation of accelerators |
US10095521B2 (en) | 2012-12-28 | 2018-10-09 | Intel Corporation | Apparatus and method for low-latency invocation of accelerators |
US10101999B2 (en) | 2012-12-28 | 2018-10-16 | Intel Corporation | Memory address collision detection of ordered parallel threads with bloom filters |
US10140129B2 (en) | 2012-12-28 | 2018-11-27 | Intel Corporation | Processing core having shared front end unit |
US10255077B2 (en) | 2012-12-28 | 2019-04-09 | Intel Corporation | Apparatus and method for a hybrid latency-throughput processor |
US10664284B2 (en) | 2012-12-28 | 2020-05-26 | Intel Corporation | Apparatus and method for a hybrid latency-throughput processor |
US10346195B2 (en) | 2012-12-29 | 2019-07-09 | Intel Corporation | Apparatus and method for invocation of a multi threaded accelerator |
Also Published As
Publication number | Publication date |
---|---|
AU2001286382A1 (en) | 2001-11-26 |
US6691143B2 (en) | 2004-02-10 |
WO2001093012A3 (en) | 2002-04-25 |
WO2001088692A3 (en) | 2002-04-18 |
WO2001093012A2 (en) | 2001-12-06 |
US20010042210A1 (en) | 2001-11-15 |
EP1405170A2 (en) | 2004-04-07 |
WO2001088692A2 (en) | 2001-11-22 |
US20020010730A1 (en) | 2002-01-24 |
US6820105B2 (en) | 2004-11-16 |
AU2001290508A1 (en) | 2001-12-11 |
US20020013799A1 (en) | 2002-01-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20020004904A1 (en) | Cryptographic data processing systems, computer program products, and methods of operating same in which multiple cryptographic execution units execute commands from a host processor in parallel | |
TWI747933B (en) | Hardware accelerators and methods for offload operations | |
US5388237A (en) | Method of and apparatus for interleaving multiple-channel DMA operations | |
EP0550163B1 (en) | Circuit architecture for supporting multiple-channel DMA operations | |
CN100541665C (en) | Programmable parallel lookup memory | |
JP2021174506A (en) | Microprocessor with pipeline control for executing instruction in preset future time | |
US20070186077A1 (en) | System and Method for Executing Instructions Utilizing a Preferred Slot Alignment Mechanism | |
TWI461910B (en) | Memories and methods for performing atomic memory operations in accordance with configuration information | |
KR100570138B1 (en) | System and method for loading software on a plurality of processors | |
JP2002532772A5 (en) | ||
JP2002149424A (en) | A plurality of logical interfaces to shared coprocessor resource | |
EP1008053A1 (en) | Controlling memory access ordering in a multi-processing system | |
US5805930A (en) | System for FIFO informing the availability of stages to store commands which include data and virtual address sent directly from application programs | |
US5696990A (en) | Method and apparatus for providing improved flow control for input/output operations in a computer system having a FIFO circuit and an overflow storage area | |
US5924126A (en) | Method and apparatus for providing address translations for input/output operations in a computer system | |
JP4226085B2 (en) | Microprocessor and multiprocessor system | |
US6415338B1 (en) | System for writing a data value at a starting address to a number of consecutive locations equal to a segment length identifier | |
CN102566970A (en) | Data processor with memory for processing decorated instructions with cache bypass | |
CN111381870A (en) | Hardware processor and method for extended microcode patching | |
KR100618248B1 (en) | Supporting multiple outstanding requests to multiple targets in a pipelined memory system | |
JP2003521034A (en) | Microprocessor system and method of operating the same | |
US6438683B1 (en) | Technique using FIFO memory for booting a programmable microprocessor from a host computer | |
JP2001290706A (en) | Prefetch for tlb cache | |
TW202314497A (en) | Circuitry and methods for accelerating streaming data-transformation operations | |
JP4130465B2 (en) | Technology for executing atomic processing on processors with different memory transfer processing sizes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: NETOCTAVE, INC., NORTH CAROLINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CELOTEK CORPORATION;REEL/FRAME:011816/0138 Effective date: 20000809 Owner name: NETOCTAVE, INC., NORTH CAROLINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BLAKER, DAVID M.;SAVARDA, RAYMOND;HANNA, MICHAEL;REEL/FRAME:011816/0114;SIGNING DATES FROM 20010504 TO 20010508 |
|
AS | Assignment |
Owner name: INTERSOUTH PARTNERS V, L.P. AS AGENT FOR THE SUCUR Free format text: SECURITY INTEREST;ASSIGNOR:NETOCTAVE, INC.;REEL/FRAME:013268/0282 Effective date: 20020827 |
|
AS | Assignment |
Owner name: NETOCTAVE, INC., NORTH CAROLINA Free format text: TERMINATION OF SECURITY INTEREST;ASSIGNOR:INTERSOUTH PARTNERS V, L.P. AS AGENT FOR THE SECURED PARTIES PURSUANT TO THE TERMINATION OF SECURITY INTEREST;REEL/FRAME:013335/0175 Effective date: 20020927 |
|
AS | Assignment |
Owner name: CYBERGUARD CORPORATION, FLORIDA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NETOCTAVE, INC.;REEL/FRAME:013495/0063 Effective date: 20030304 |
|
AS | Assignment |
Owner name: NBMK ENCRYPTION TECHNOLOGIES, INC., NORTH CAROLINA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CYBERGUARD CORPORATION;REEL/FRAME:017596/0264 Effective date: 20060421 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |